Cryptography-Digest Digest #425, Volume #11      Sun, 26 Mar 00 17:13:00 EST

Contents:
  Re: Gray Code like (Tim Tyler)
  Re: Download Random Number Generator from Ciphile Software (Taneli Huuskonen)
  Re: Hashes! (newbie question) (Boris Kazak)
  Re: Fastest DES implementation on Intel PIII ? ("Kasper Pedersen")
  Re: new Echelon article (JimD)
  What do these results mean? (Peter Rabbit)
  Re: Card shuffling (wtshaw)
  Re: OAP-L3:  Answer me these? (Jerry Coffin)
  Re: OAP-L3:  Answer me these? (Jerry Coffin)
  Re: OAP-L3:  Answer me these? (Jerry Coffin)
  Re: OAP-L3:  Answer me these? (Jerry Coffin)

----------------------------------------------------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Gray Code like
Reply-To: [EMAIL PROTECTED]
Date: Sun, 26 Mar 2000 19:15:11 GMT

[EMAIL PROTECTED] wrote:

[LFSR construction]

: Or detect when all but the MS bit is zero and invert the feedback path [...]

Thanks for posting this.  It may wind up as the thing that I learned today.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

I'm from the government and I'm here to help you.

------------------------------

From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: 26 Mar 2000 22:17:20 +0300

=====BEGIN PGP SIGNED MESSAGE=====

In <[EMAIL PROTECTED]> Anthony Stephen Szopa
<[EMAIL PROTECTED]> writes:

[...]
>array files.  Rotate Set3 and the state of the primary array files
>change and this will change the state of Set4 and Set5.  Also, 

According to your Web page, you rotate Set1 rather than Set3, which
obviously leaves Set4 unchanged.  However, this is a minor nit; if you
fixed this glitch in the obvious way, essentially the same problem would
remain.

[...]
>No MEANINGFUL relationship(s) such as the ones you suggest above can 
>be made.  You can write the relationships symbolically, but knowing 
>only the data we assume we have, these relationships cannot be
>quantified.  They remain variables or place holders waiting for 
>values which cannot be determined.

Here's an exercise.  Pick three permutations of the numbers 0..9, say
P1, P2, and P3.  Form P4 by using P2 to index P1, P5 by using P3 to
index P4, P6 by using P3 to index P2, and P7 by using P6 to index P1.
Assuming we only know P7, the value of any one of P1, P2, P3, P4, or P6
could be anything.  How about P5?

Just do it for real, and you might learn something.

Taneli Huuskonen

=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQB1AwUBON5hSwUw3ir1nvhZAQEC2wMAwiHc1DDNK7PC2XNuhti+hHp3bAcvppDT
E9no4LHfAM0ul7NZ+Wb4l7PkMJbouHrQMEvzwaNWDKxlbNVZfFQY4S5NqC7acfnl
3BA0qqlR6TXztRSZ8PSQWLRA9ByJep6+
=0mG3
=====END PGP SIGNATURE=====
-- 
I don't   | All messages will be PGP signed,  | Fight for your right to
speak for | encrypted mail preferred.  Keys:  | use sealed envelopes.
the Uni.  | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
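The exercise above, worked by computer as an added example (this is not part of Taneli Huuskonen's post). "Use X to index Y" is read here as result[i] = Y[X[i]], which is an assumption about his wording; the functions and the sample permutations are constructed for the example. Chasing the indices shows P5[i] = P1[P2[P3[i]]] = P7[i], so whoever sees P7 knows P5 exactly, while `solve_p3` shows that any guess at P1 and P2 can be made consistent with the observed P7, so P7 reveals nothing about P1, P2, P3 (and hence P4, P6) individually.

```python
"""Added example (not part of Taneli Huuskonen's post): his permutation
exercise run by computer.  "Use X to index Y" is taken to mean
result[i] = Y[X[i]], an assumption about the wording."""
import random


def index_with(base, idx):
    """Use permutation idx to index permutation base: result[i] = base[idx[i]]."""
    return [base[j] for j in idx]


def inverse(p):
    """Inverse permutation: inverse(p)[p[i]] == i."""
    inv = [0] * len(p)
    for i, v in enumerate(p):
        inv[v] = i
    return inv


def build_chain(p1, p2, p3):
    """P4..P7 exactly as the exercise defines them."""
    p4 = index_with(p1, p2)   # P4[i] = P1[P2[i]]
    p5 = index_with(p4, p3)   # P5[i] = P4[P3[i]] = P1[P2[P3[i]]]
    p6 = index_with(p2, p3)   # P6[i] = P2[P3[i]]
    p7 = index_with(p1, p6)   # P7[i] = P1[P6[i]] = P1[P2[P3[i]]]
    return p4, p5, p6, p7


def random_permutation(n, rng):
    p = list(range(n))
    rng.shuffle(p)
    return p


def p5_always_equals_p7(trials=2000, n=10, seed=1):
    """Empirical check of the algebra above: P5 == P7 for every P1, P2, P3."""
    rng = random.Random(seed)
    for _ in range(trials):
        p1, p2, p3 = (random_permutation(n, rng) for _ in range(3))
        _, p5, _, p7 = build_chain(p1, p2, p3)
        if p5 != p7:
            return False
    return True


def solve_p3(p1, p2, p7):
    """Given only P7, *any* guess for P1 and P2 can be made consistent with it:
    P7[i] = P1[P2[P3[i]]]  =>  P3[i] = inv(P2)[inv(P1)[P7[i]]].
    So P7 pins down P5 but says nothing about P1, P2, P3 (hence P4, P6)."""
    inv1, inv2 = inverse(p1), inverse(p2)
    return [inv2[inv1[v]] for v in p7]


if __name__ == "__main__":
    rng = random.Random(7)   # constructed sample permutations
    p1, p2, p3 = (random_permutation(10, rng) for _ in range(3))
    p4, p5, p6, p7 = build_chain(p1, p2, p3)
    print("P7 =", p7)
    print("P5 =", p5, "(identical: P5 is determined by P7)")
    # A completely different P1, P2 is just as consistent with the observed P7.
    q1, q2 = (random_permutation(10, rng) for _ in range(2))
    q3 = solve_p3(q1, q2, p7)
    print("alternative chain also yields P7:", build_chain(q1, q2, q3)[3] == p7)
```

The lesson generalises: two of the "independent" arrays are the same function of the secrets, so the relationship between them is not a placeholder waiting for unknown values but an identity an observer can verify with nothing more than the output.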

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Hashes! (newbie question)
Date: Sun, 26 Mar 2000 19:52:08 GMT



Simon Johnson wrote:
> 
> I am designing a new hash for a login system and I have decided to seed a
> PRNG and produce a 160bit hash out of a random number generator.. But to do
> that I must first pre-hash the text into a number. After many hours of
> experimentation, I produced the following algorithm, I tested it over the
> (256-1)*3 bits.
> 
> For n = 1 to len(text)
>     a = sqrt((a+n)*asc(mid(text,n,1))) 'square root ( a * n * (the ascii rep
> of the n'th char of text))
> Next N
> 
> I would like to know if this function produces any collisions?
=====================
   I could not figure out how the proposed algorithm works.

      1) Variable a must be somehow initialized.
      2) Am I correct in assuming that ' is a separator between
         a pseudocode statement and a comment?
      3) If not, then what arithmetic or logical operation 
         corresponds to ' ? 
      4) Assuming that ' starts a comment, operation uses a+n in 
         pseudocode body, but uses a*n in explanatory comment.
         Which one is true?
      5) Since the result of calculations is a floating number, please
         be specific about the precision (32, 64, 80 or 128 bit),
         how the roundoffs are handled during multiplication and 
         square root calculations, how many significant digits do
         you keep in your final result.
      6) And why use floating arithmetic at all? Integer operations
         are absolutely identical on all computer platforms, are
         fast, easily chainable and in general easier to program and
         evaluate.

Best wishes         BNK

------------------------------

From: "Kasper Pedersen" <[EMAIL PROTECTED]>
Subject: Re: Fastest DES implementation on Intel PIII ?
Date: Sun, 26 Mar 2000 20:20:46 GMT


"Eric Young" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Koning wrote:
<..cutting..>
>
> The x86 assembler was optimized for the pentium, but it is still quite
> good on x86-P6 CPUs.
>
> eric
It was absolutely-super-optimized for the P5 cpu! But it hurt quite a bit on
the P6.2, P6.3, K6.
When we optimized for P6.2, K6, we _did_ gain a lot of speed, but as far as
I remember, it's now really slow on P5.

He'd probably have to include both routines, which wouldn't be a problem as
I believe they have compatible data areas.


/Kasper



------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: new Echelon article
Reply-To: JimD
Date: Sun, 26 Mar 2000 19:31:01 GMT

On Sat, 25 Mar 2000 11:09:53 +0000, [EMAIL PROTECTED] wrote:

>Is there any way to insert crypto hardware into cellphones?
>
>I have 4 Nokia phones and 1 Nortel - as far as I'm aware none of the
>manufacturers publish details on how to stick extra hardware into the
>phones.

Not practical, is it? How would you communicate securely?
Every one you telephone would have to have compatible
hardware (and software setup).

Nortel manufacture a secure telephone system which will handle
data as well, using a public key crypto system, but again
your correspondents would also need to be suitably equipped.

The present encryption fitted to digital mobile 'phones
(in the UK at least) is more than adequate to defeat
casual interception. (By people with radio scanners).

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: Peter Rabbit <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: What do these results mean?
Date: Sun, 26 Mar 2000 20:38:38 GMT

I'm no big light in crypto and do not have a lot of time to study the
subject, but I do dabble. I've written a cipher that is a mix between
Transposition, Block and Stream (I think) and it seems to do the job.
When running the results thru "ent" I usually get results like...

Entropy=7.9983007 Bits per Byte
Optimum compression of 10120 Bytes by 0 percent
Chi Square = 238.79
Arithmetic mean 127.9326 (127.5 = rand)
Monte Carlo PI=3.09845 (1.37%)
Serial correlation coeff = -0.002557

these results vary with better numbers for bigger files. The file
encrypted here consisted of 10,000 "1"s. Loading the encr. file into
Wordpad and doing a search of any 2 Byte repetition (case sensitive)
revealed usually NO repetition or, occasionally, 1 repetition. On larger
files 2 Byte key repetition occurs about every 60,000 or so. That is as
it should be given that there are 2^16 -1 possibilities for 2 Bytes.

Following Alexander Pukall's example and changing 1 Byte in the
encrypted file by 1 Bit (from "a" to "b" or something) and then
decrypting has the following effect.
Dispersed throughout the file of 10120 Bytes I find 42 - 5 Byte
sequences that were changed. All 5 Byte sequences are different. The
files are read into memory in 16k blocks. (The password gets hashed into
a 256 Byte key.)

My question is... What does that mean? Do the 5 Bytes indicate a 40 Bit
encryption or 42*40=1680 Bits?
Thx, Peter Rabbit
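As an added example (not from Peter Rabbit's post), here is what the numbers in an `ent` report actually measure, recomputed from ent's published definitions: entropy of the byte histogram, the "optimum compression" figure derived from it, chi-square against a flat 256-bin expectation, the arithmetic mean, and the serial correlation coefficient (ent prints "undefined" for a constant file; that case is returned as None here). The three test inputs are constructed: the post's plaintext of 10,000 ASCII "1"s, every byte value once, and an alternating 0/255 pattern. The Monte Carlo pi figure is left out.

```python
"""Added example (not from Peter Rabbit's post): recompute the statistics
that `ent` prints, following ent's definitions.  All inputs are constructed."""
import math


def byte_counts(data):
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return counts


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram; 8.0 is the maximum."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in byte_counts(data) if c)


def optimum_compression_percent(data):
    """ent's 'optimum compression' is (8 - entropy) / 8, rounded to whole percent."""
    return round((8.0 - entropy_bits_per_byte(data)) * 100.0 / 8.0)


def chi_square(data):
    """Chi-square of the histogram against a flat 256-bin expectation.
    For random bytes it should hover around 255 (its degrees of freedom);
    a constant file scores 255 * len(data)."""
    n = len(data)
    expected = n / 256.0
    return sum((c - expected) ** 2 / expected for c in byte_counts(data))


def arithmetic_mean(data):
    return sum(data) / len(data)


def serial_correlation(data):
    """Correlation between each byte and its successor (wrapping at the end).
    Returns None where ent prints 'undefined', i.e. a constant file."""
    n = len(data)
    s_prod = sum(data[i] * data[(i + 1) % n] for i in range(n))
    s_lin = sum(data)
    s_sq = sum(b * b for b in data)
    denom = n * s_sq - s_lin * s_lin
    if denom == 0:
        return None
    return (n * s_prod - s_lin * s_lin) / denom


def ent_report(data):
    return {
        "entropy": entropy_bits_per_byte(data),
        "compression_percent": optimum_compression_percent(data),
        "chi_square": chi_square(data),
        "mean": arithmetic_mean(data),
        "serial_correlation": serial_correlation(data),
    }


if __name__ == "__main__":
    # Constructed inputs: the post's plaintext (10,000 ASCII "1"s), every byte
    # value exactly once, and a strictly alternating 0/255 pattern.
    samples = [("ten thousand '1's", b"1" * 10000),
               ("0..255 once each", bytes(range(256))),
               ("alternating 0,255", bytes([0, 255]) * 100)]
    for name, sample in samples:
        print(name, ent_report(sample))
```

Running the plaintext itself through these functions (entropy 0, chi-square 2,550,000, correlation undefined) against the ciphertext figures in the post shows what the test does and does not say: the ciphertext's byte histogram is flat and adjacent bytes are uncorrelated, which any stream of key material, good or bad, will produce. None of these numbers measures key length or resistance to a chosen-plaintext attack, which is why the 5-byte avalanche observation cannot be read off them.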

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Card shuffling
Date: Sun, 26 Mar 2000 14:55:56 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> Just a passing thought: To add some entertainment value of one's
> message for the opponent such that he doesn't feel his job to be
> too dull and uninteresting, one could with today's techniques
> easily employ from time to time codes with diverse nice graphical 
> symbols, e.g. those of cards or, what I think is quite good looking, 
> hieroglyphs. (The opponent needs to go outdoors to find the Rosseta 
> stone and the fresh air and physical activity help to keep his body 
> fit.)
> 
You are absolutely correct  

Imagine the real necessity of looking at a physical encrypted message as
in the CIA sculpture.  Or, in this case a few playing cards. I'll use
these lines to build some keys for my newest child, number 31 of a series,
Pinsk, which can have a transposition size of 11 or 22 hexits.  Input is
in modified 26, output in base 52, or card deck.

Sub1(Pk): zpajlqdwketfbnrgchuvmxysio
Sub2(Pk): DEwtApaPbFrVKufcxjBgIWGQkizlLMdqmeNvCRsnYZXOhTyHSUJo
Trans(Pk): vpimshjqdarebgftolcukn

Pt formatted in groups of 12 for Pinsk 22: this|is|a|ve ry|healthful
|observation

Ct, base 52: IsdRkMnDWK mdxZNXcseB QFzohIwfQv

As cards: (10)<7>{5}[6]{Q}  (A)<2>(5)[J](Q)  {A}{5}<Q>[A][2]
               [Q]{4}<7>{6}(3)  [5](7)<A><3>{9}  (10)<J>{7}[5]<10>

Real quickly, I spot that 5 of spades is used, maybe other dups too.  If
these cards were stacked at the beginning of a deck, that might be missed. 

Pinsk does not do carriage returns, blank lines, or use W for other than a
space.  This is a marginal algorithm in some respects as it does not fully
meet my criteria, but with an active transposition key with the others,
keyspace can be equivalent with 88.4 + 225.6 + 69.9 bits. If you want to
do it longhand, 9 digit mathematics is involved.

Since I have taken the base 52 side trip, guess I need to pull another one,
that is similar, out of the hat.  The math is done, but there is a format
challenge.
-- 
To see the results of GW Bush's shadow, visit the Valley;
notice the miserable conditions he allows to fester.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 14:57:33 -0700

In article <e#aujAVl$GA.215@cpmsnbbsa02>, [EMAIL PROTECTED] 
says...
> I think we have to part company a bit on this. I am not
> comfortable saying that quantum computers won't become a
> reality in my lifetime. 

They're already a reality: in fact, there was a recent announcement 
of the first 7-qubit computer having been built and done something.

The question is only whether they'll actually accomplish anything 
useful.  Right now the quantum computers they've gotten to work at 
all are roughly equivalent to a small child counting on his fingers; 
barely able to get correct answers, and certainly not doing anything 
complex or even doing simple things quickly.

OTOH, there was undoubtedly a time at which Richard Feynman, Albert 
Einstein, etc., could only barely keep track of their own ages.  Such 
humble beginnings don't mean that quantum computing can't accomplish 
extremely useful things before all is said and done...

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 14:57:35 -0700

In article <%62D4.70010$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Um no.  No real OTP can be cryptanalyzed.  You would have to either break
> the RNG used to encrypt or bribe etc..
>
> There is no such thing as a OTP bit flipping attack.  You are making things
> up now.

No, you're just ignoring reality.  I'm not going to bother explaining 
things again, since it's clear you're simply not paying attention.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 14:57:40 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> "Could a software engineer, using as a specification only the
> descriptive material available at your web site, duplicate your
> encryption program?"
> 
> I certainly believe this: anyone experienced in the art can do 
> so easily at least through creating the OTPs.  All of the processes 
> are fundamentally very simple and well known universally.  Only no 
> one has put them all together to generate random numbers before, 
> as far as I know.

[ and on an on, without ever really answering the question ]

Anthony, you should forget about cryptography and go into politics 
instead -- the trick of repeating the question, and then talking 
about whatever you feel like, as if it provided an answer, works well 
in politics but won't make your garbage work any better.

To the OP: as implied by his reams of beating around the bush without 
ever actually admitting it, the short answer is that, NO he doesn't 
provide anywhere close to the level of detail necessary.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 14:57:37 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> I will not accuse you of being a liar.
> I will not accuse you of being an idiot.
> I will not accuse you of being stupid.

You then go on to attempt to imply each of the above, in essence 
making a liar of yourself.

> Although a case could be supported for each of the above.
> 
> 1)  CASE:  liar.  You say the theory, and specification of the
> procedures and processes have not been made available.  Not true.  
> The theory, and specification of the procedures and processes have 
> been available for some time now at http://www.ciphile.com

This is where the BIG lie comes into the picture: you have some 
garbage that you SAY covers the theory and the specification of 
procedures and processes, but as has been pointed out repeatedly in 
the past, what you've posted covers nothing of the sort; it contains 
nothing more than hand-waving.  Based on its content, there are two 
possibilities: either you don't really know how your software works, 
or else you're intentionally covering things up to prevent the rest 
of the world from knowing how it works.  Regardless of how they got 
to the sad state they're in, the portions of your help files that 
talk about the algorithm you use are utterly worthless and useless.
 
> 2)  CASE:  idiot.  "01234567890123456789...  Each output digit will
> occur an exactly equal number of times making a bias of exactly 
> zero."  Not quite.  Bias refers to any patterns that can be 
> discerned and exploited cryptoanalytically.  There is clearly a 
> pattern here, the sequence is predictable, etc.

Bias does NOT refer to any pattern that can be discerned and 
exploited.  Bias refers specifically and ONLY to a sequence 
containing different digits at different frequencies.  As expressed 
(in decimal) the sequence above is absolutely free of bias: every 
digit occurs exactly twice. If each digit is expressed in binary, 
there is a bias: 0 bits occur more often than 1 bits.

The obvious predictability in this case is not bias, but correlation: 
correlation refers to being able to predict the next part of the 
sequence based on previous parts of the sequence.  The sequence given 
above is free of bias, but highly correlated.

It's long been said that it's better to stay silent and be thought a 
fool than speak and remove all doubt.  Even if he doesn't learn the 
accepted terminology for the concepts, anybody designing a cipher 
should certainly have thought about things enough to classify 
predictability into the two basic areas normally referred to as bias 
and correlation.  By claiming that there IS only one class, you've 
shown not only that you're ignorant of the terminology, but that 
you've given insufficient thought to the ways in which an attacker 
can and will look at the output from your program.  In short, by 
speaking, you removed all doubt; it's obvious that you can't possibly 
have taken into account the factors necessary to do a good job of 
designing a cipher, because you deny the very existence of those 
factors.
 
> 3)  CASE:  stupid.   "By adding a new process you inherently add 
> ability to "mix things up even more."  That is simply not the 
> case..."  Oh, really?  In the popular state lotteries or in the 
> gambling game of keno, you may pick six numbers.  Six of eighty 
> ping pong balls numbered 1 - 80 are randomly selected.  Let's 
> say you bet one dollar for your pick six.  If I decide to add 
> 80 more ping pong balls making a total of 160 and keep your 
> potential winnings the same, will you now bet two dollars?

Your comparison is invalid for a number of reasons.  First and 
foremost, adding more balls to a lotto machine does NOT add "a new 
process" -- it only adds more balls that will be processed in exactly 
the same fashion.  Rather than being analogous to a new encryption 
algorithm, it's roughly equivalent to using a larger key with exactly 
the same algorithm (which of course requires an algorithm that 
supports both key sizes).

Second, with the balls in a lotto machine, much like a cipher, there 
may be unforeseen side-effects of using twice as many balls.  In the 
case of a lotto machine, you would probably need a bigger box and/or 
a longer time for them to mix up before the order of the balls is 
completely unpredictable.  If you used exactly the same process 
otherwise, it's entirely possible that the balls simply would not mix 
well at all.

Now, to be truly analogous to adding a new process, what you want to 
discuss would be something that retains exactly the same number of 
balls, but attempts to randomize them better.  For a couple of 
examples, the balls are normally rolled into the box in order, then a 
blower is turned out to mix them up.  Two possible processes you 
could add would be to 1) mix the balls up ahead of time, so they're 
rolled into the machine in a random order, or 2) have the air 
pressure and/or volume from the blower varied in a random fashion.

I don't believe that either of these would have any good effect at 
all -- statistical studies have shown that the output is already 
quite thoroughly unpredictable, and therefore adding these new 
processes would accomplish nothing useful.

> You admit to not having read the Help files or insist that 
> you are unable to understand them, you have not gotten the 
> software:  in other words, you don't know what you are talking 
> about yet you seem to be an authority on OAP-L3.  Incredible!

I've read and understood the help files.  They were _obviously_ 
written to impress people with complexity, NOT to provide adequate 
information for cryptanalysis or say anything about the strength of 
the encryption provided.  Since you claim they provide real, solid 
information, there are really only two possibilities: either you're so 
grossly incompetent that you haven't a clue of what you need to 
provide, or else you're intentionally withholding the information you 
know is necessary.
 
> I really get satisfaction knowing that my work has gotten to you.  
> Can't refute the facts can you. 

Facts, by their nature, can't be refuted.  Fortunately for those of 
us who refute your claims on a regular basis, facts are only rarely 
to be found among your claims.  So far, on the rare occasion that 
you DO say something that's truly factual, it's not really related to 
your original argument at all.

> There is a very real encryption
> software package here to address.  It's tangible.

The software is tangible.  The security is not.
 
> But I am afraid nearly everything you have said to date has been 
> unscientific, insupportable or unsupported, and without merit.

You should be afraid, but mostly because the criticisms of your 
software are well supported by facts.
 
> By the way, I have had tremendous traffic at my web site where many 
> many copies of the OAR-L3:  Original Absolutely Random Level3 random
> number generation software has been being downloaded.

Great.  What does this have to do with anything?  Do you honestly 
believe that lots of traffic somehow means the product is of high 
quality?  In the past you've seemed intelligent but misguided.  

Recently, your statements about traffic levels, who's downloaded your 
software, etc., make it sound a great deal more as if you aren't very 
intelligent after all.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.
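An added example (not from Jerry Coffin's post) that puts numbers to the bias-versus-correlation distinction drawn in the "CASE: idiot" exchange above, using the "01234567890123456789" sequence quoted there. Bias is measured as the deviation of each digit's frequency from uniform, and correlation as the conditional entropy of the next digit given the previous one; choosing conditional entropy as the correlation measure is this example's decision, not terminology from the post. Writing each digit as a 4-bit number is likewise an assumption for the bit-count part. The random comparison sample is constructed with a seeded PRNG.

```python
"""Added example (not from Jerry Coffin's post): separate bias (unequal symbol
frequencies) from correlation (the next symbol being predictable from earlier
ones) on the digit sequence quoted in the post."""
import math
import random
from collections import Counter

QUOTED = "0123456789" * 2   # the "01234567890123456789..." sequence from the post


def max_frequency_bias(seq, alphabet="0123456789"):
    """Largest deviation of any symbol's frequency from uniform; 0.0 = unbiased."""
    counts = Counter(seq)
    n = len(seq)
    return max(abs(counts.get(s, 0) / n - 1 / len(alphabet)) for s in alphabet)


def marginal_entropy(seq):
    """H(X) in bits; log2(10) ~= 3.32 means every digit is equally common."""
    n = len(seq)
    return -sum(c / n * math.log2(c / n) for c in Counter(seq).values())


def conditional_entropy(seq):
    """H(X_next | X_prev) in bits: 0.0 means the previous symbol fixes the next
    one completely, i.e. total correlation, whatever the bias figure says."""
    pairs = Counter(zip(seq, seq[1:]))
    prev = Counter(seq[:-1])
    n = len(seq) - 1
    return -sum(c / n * math.log2(c / prev[a]) for (a, _), c in pairs.items())


def bit_balance(seq, width=4):
    """(ones, zeros) when each digit is written as a width-bit binary number
    (4 bits assumed); this is where the post's point that 0 bits outnumber
    1 bits shows up even though the decimal digits are unbiased."""
    ones = sum(bin(int(d)).count("1") for d in seq)
    return ones, len(seq) * width - ones


def random_digits(n, seed=0):
    """Constructed comparison sample: uniform digits from a seeded PRNG."""
    rng = random.Random(seed)
    return "".join(rng.choice("0123456789") for _ in range(n))


if __name__ == "__main__":
    for name, s in [("quoted sequence", QUOTED),
                    ("random digits", random_digits(10000))]:
        print(f"{name}: bias={max_frequency_bias(s):.3f} "
              f"H(X)={marginal_entropy(s):.3f} "
              f"H(next|prev)={conditional_entropy(s):.3f} "
              f"bits(ones,zeros)={bit_balance(s)}")
```

The quoted sequence scores zero on bias and full marginal entropy, yet its conditional entropy is zero: the previous digit determines the next one every time. A frequency count alone is therefore no evidence of unpredictability, which is the practical content of the distinction Jerry draws; any output test for a generator has to look at both.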

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
